System Administration Commands nfsmapid(1M)
NAME
nfsmapid - NFS user and group id mapping daemon
SYNOPSIS
/usr/lib/nfs/nfsmapid
DESCRIPTION
The nfsmapid daemon maps to and from NFS version 4 owner and
owner_group identification attributes and local UID and GID
numbers used by both the NFS version 4 client and server.nfsmapid uses the passwd and group entries in the
/etc/nsswitch.conf file to direct how it performs the map-
pings.The nfsmapid daemon has no external, customer-accessible
interfaces. You can, however, administratively configurenfsmapid in one of the following ways:
o Specify the nfsmapid_domain parameter in the SMF
for NFS using the sharectl(1M) command.o Specify the _nfsv4idmapdomain DNS resource record.
Please refer to the System Administration Guide: Network Services for further details. SMF ManagementThe nfsmapid service is managed by the service management
facility, smf(5), under the service identifier: svc:/network/nfs/mapid Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command.If it is disabled, it will be enabled by mount_nfs(1M),
share_nfs(1M), and automountd(1M), unless its
application/auto_enable property is set to false.
SunOS 5.11 Last change: 19 Aug 2010 1
System Administration Commands nfsmapid(1M)
nfsmapid caches a user's UID and GID. If a user subsequently
changes a UID or GID, using one of the utilities listedbelow, the nfsmapid cache becomes stale. At this point, any
NFS operation that gets or set attributes will result in theexchange of this stale information. To resolve this situa-
tion, restart nfsmapid, as follows:
# svcadm restart svc:/network/nfs/mapid:default
The startup SMF parameter designating a domain name(nfsmapid_domain) can be manipulated with the sharectl(1M)
command.nfsmapid_domain
The setting for the NFS SMF parameter nfsmapid_domain
overrides the domain used by nfsmapid for building and
comparing outbound and inbound attribute strings, respectively. Also, this setting overrides any other mechanism for setting the NFSv4 domain. In the absenceof a nfsmapid_domain setting, the nfsmapid daemon deter-
mines the NFSv4 domain as follows: o If a properly configured /etc/resolv.conf (seeresolv.conf(4)) exists, nfsmapid queries speci-
fied nameserver(s) for the domain. o If a properly configured /etc/resolv.conf (see resolv.conf(4)) exists, but the queried name server does not have a proper record of thedomain name, nfsmapid attempts to obtain the
domain name through the BIND interface (see resolver(3RESOLV)).o If no /etc/resolv.conf exists, nfsmapid falls
back on using the configured domain name (see domainname(1M)), which is returned with the leading domain suffix removed. For example, for widgets.sales.acme.com, sales.acme.com is returned. o If /etc/resolv.conf does not exist, no domain name has been configured (or no/etc/defaultdomain exists), nfsmapid falls back
on obtaining the domain name from the hostname, if the host name contains a fully quali-
fied domain name (FQDN).SunOS 5.11 Last change: 19 Aug 2010 2
System Administration Commands nfsmapid(1M)
If a domain name is still not obtained following all of thepreceding steps, nfsmapid will have no domain configured.
This results in the following behavior:o Outbound owner and owner_group attribute strings
are encoded as literal ID's. For example, the UID 12345 is encoded as 12345.o nfsmapid ignores the domain portion of the inbound
attribute string and performs name service lookups only for the user or group. If the user/group exists in the local system name service databases,then the proper UID/GID will be mapped even when no domain has been configured. This behavior implies that the same administrative user/group domain exists between NFSv4 client and server
(that is, the same UID/GIDs for users/groups on both client and server). In the case of overlapping ID spaces, the inbound attribute string could potentially be mapped to the wrong id. However, this is not functionally different from mapping the inbound string to nobody, yet provides greater
flexibility. See EXAMPLES, below.
The utilities that allow you to change UID and GID are: o usermod(1M) o userdel(1M) o groupmod(1M) o groupdel(1M)EXAMPLES
Example 1 Setting Domain Name The following command uses sharectl to set the domain name.# sharectl set -p nfsmapid_domain=sun.com nfs
The nfsmapid_domain property is described under NOTES,
below.SunOS 5.11 Last change: 19 Aug 2010 3
System Administration Commands nfsmapid(1M)
Example 2 Obtaining Domain Name The following command uses sharectl to obtain the current domain name.# sharectl get -p nfsmapid_domain nfs
nfsmapid_domain=sun.com
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | system/file-system/nfs |
|_____________________________|_____________________________|
SEE ALSO
svcs(1), automountd(1M), domainname(1M), groupdel(1M),groupmod(1M), mount_nfs(1M), svcadm(1M), share_nfs(1M),
sharectl(1M), userdel(1M), usermod(1M), resolver(3RESOLV), resolv.conf(4), attributes(5), smf(5) System Administration Guide: Network Services NOTESThe nfsmapid daemon might not exist in a future release of
Solaris.SunOS 5.11 Last change: 19 Aug 2010 4